flypig.co.uk

Location

Research

I've been involved in research on-and-off (mostly on) for more than 15 years, starting in maths and moving into computing. For the last ten years I've worked in computer security, and am currently a Research Associate at the University of Cambridge working on the Pico project. The project, run by Frank Stajano, will rid the world of pesky passwords. Everyone I speak to about it seems to think this would be a Good Thing.

After my PhD I worked briefly for Codemasters as a programmer on Toca Race Driver, a driving game. I stayed there for nearly two years, but eventually decided to move back into academia. Until recently I worked at Liverpool John Moores University, mostly on security research as Reader in Computer Security.

Research interests

Usable Security: An area that's desperate for solutions. For most people there seems to be an inescapable trade-off between security and usability. This needn't be the case and when security aligns itself with incentives, workflow and user behaviour, beautiful things can happen.

Secure Component Composition: A feature of network computing is the constant interaction between systems. This includes Web services, embedded devices, Websites and Internet-enabled devices of all sorts. This has important ramifications in terms of security, as the composition of multiple components can have unexpected effects on the security properties of a larger system. An important part of my research involves considering how component composition affects security properties, and how this can be used advantageously.

Security Visualisation: most people are quite-rightly ambivalent about security. They know it's important, but don't want to have to spend lots of time dealing with it. On the other hand, Internet security can be technical and abstract. Presenting security information in an understandable, immediate, interactive and accurate way is challenging. I feel it's important to find rigorous and systematic ways to achieve this.

Code Analysis and Reasoning: establishing security properties of executable code can be difficult. One way to achieve this is by performing code analysis, in order to turn the code into a form of propositional logic that a computer can then reason about. The processes involved are exciting (to me!), and I'm very interested in researching techniques that can allow code analysis to be performed automatically and efficiently. Part of this work involves automatic proof generation, based on the logical statements obtained.

Model Theory and Logic: my PhD area was in mathematical logic and model theory, considering the characteristics of the automorphism groups of models of Presburger Arithmetic. This is a very pure subject, but is fascinating in its own right. There's also scope for using results in this area to improve how computers can reason about code through Direct Code Analysis, for example for security analysis.